From 4c86b65c56ce4a69ddbbc100fe2d66ac52e239de Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Rapha=C3=ABl=20Vinot?= <raphael@vinot.info>
Date: Fri, 5 Jul 2019 18:41:23 +0200
Subject: [PATCH] fix: Avoid bypass with "http://user:pwd@host.tld"

---
 lookyloo/lookyloo.py | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)

diff --git a/lookyloo/lookyloo.py b/lookyloo/lookyloo.py
index 73af8b9..0f26fb1 100644
--- a/lookyloo/lookyloo.py
+++ b/lookyloo/lookyloo.py
@@ -167,12 +167,11 @@ class Lookyloo():
         if self.only_global_lookups:
             splitted_url = urlsplit(url)
             if splitted_url.netloc:
-                if ':' in splitted_url.netloc:
-                    ip = socket.gethostbyname(splitted_url.netloc.split(':')[0])
-                else:
-                    ip = socket.gethostbyname(splitted_url.netloc)
+                ip = socket.gethostbyname(splitted_url.hostname)
                 if not ipaddress.ip_address(ip).is_global:
                     return False
+            else:
+                return False
 
         items = crawl(self.splash_url, url, depth, user_agent=user_agent, log_enabled=True, log_level='INFO')
         if not items: